Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

I saw an interesting post this evening on NetCraft titled "Myspace Accounts compromised by Phishers". This is not an Oracle security issue but interesting all the same as its a good example of the latest trend in website attacks where the hacker is able to compromise the host site to trick users into clicking on a link that takes them to a remote site, in this case to steal password details. In this sort of attack its difficult to detect because the user is still on the real site. The hackers (I dont know if this is how they have done it) use Javascript and iFrames to redirect the user. I saw a great demo of this type of attack at BlackHat this year where the tchniques was used to attack a PC on the internal network on an internal IP address.

PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database,
design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.